ci: add security dependency scanning workflow (closes #16) #26
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Major changes from 194 commits of development work: ## New Features - Rust acceleration for BAM counting (7x speedup) - Unified FASTQ/BAM pipeline - Single-cell support (scRNA-seq, scATAC-seq) - Enhanced statistical analysis (beta-binomial) - Improved CLI with better argument handling ## New Files - rust/ - Rust source for BAM counting acceleration - tests/ - Comprehensive test suite - docs/ - Enhanced documentation - .github/workflows/ - CI configuration - pyproject.toml - Modern Python packaging - pytest.ini, mypy.ini - Quality tools ## Module Updates - src/counting/ - Rust-accelerated allele counting - src/mapping/ - Optimized read mapping - src/analysis/ - Enhanced statistical methods - src/wasp2/ - Unified CLI entry points Closes #20 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Sync version to 1.2.0 across pyproject.toml, Cargo.toml, __init__.py - Fix Rust panic on empty allele strings in bam_counter.rs (use unwrap_or) - Fix Rust panic on file create in unified_pipeline.rs (use ? with context) - Fix Rust panic on HashMap get in bam_remapper.rs (use ok_or_else) - Fix bare except block in run_mapping.py (catch KeyError specifically) - Add error tracking for silent BAM failures in mapping_filter.rs - Add failure tracking and warnings in make_remap_reads.py Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add BAM read error tracking in bam_counter.rs (log first 5, warn total) - Add logging and error tracking in count_alleles.py - Convert test_rust_python_match.py to proper pytest with fixtures - Convert test_indel_correctness.py to proper pytest with fixtures Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
…low (closes #10) (#22) * feat: comprehensive CI/CD pipeline enhancement (#10) Implement GitHub Actions workflows for automated testing and release: CI Workflow (ci.yml): - Cross-platform testing matrix (Linux + macOS) - Python 3.10, 3.11, 3.12 support - Rust toolchain with proper caching - Codecov integration with token-based auth - Lint job (Black, Flake8, mypy) - Rust check job (Clippy, fmt) - Build job with artifact upload Release Workflow (release.yml): - Multi-platform wheel building (Linux, macOS) - Source distribution build - PyPI publishing with OIDC trusted publishing - GitHub Release asset upload - Dry-run support for testing Additional changes: - Add CI/coverage/PyPI badges to README - Remove redundant test.yml workflow - Add self-hosted runner documentation for HPC environments Closes #10 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * ci: enhance CI/CD pipeline with Python 3.12, macOS, and release workflow - Add Python 3.9 to test matrix (now 3.9-3.12) - macOS-latest already in OS matrix, exclude 3.9 instead of 3.12 - Fix Rust toolchain: dtolnay/rust-toolchain@stable - Add pip caching to all Python setup steps - Add Cargo registry caching with actions/cache@v4 - Update release workflow to trigger on v*.*.* tags - Use Trusted Publishing (OIDC) for PyPI uploads - Create GitHub Release with auto-generated notes - Add Release badge to README.md Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * ci: add pip caching to docs workflow for consistency Minor improvement to docs.yml workflow: - Update Python version from 3.9 to 3.10 for consistency with CI - Add pip caching to speed up documentation builds This completes the CI/CD pipeline enhancements from #10. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: address CI/CD review findings Critical fixes: - Replace || echo pattern with continue-on-error for lint steps (properly marks failures while allowing job to continue) - Add tag validation to PyPI publish step to prevent accidental releases from workflow_dispatch on non-tag refs Important fixes: - Align Black line-length (100) with Flake8 max-line-length - Update docs.yml branch triggers to match ci.yml (develop, not rust-optimization) - Add ARM64 (aarch64-apple-darwin) wheel builds for Apple Silicon Macs - Update artifact names to use target instead of OS (for unique names) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
#23) Add Read the Docs configuration and Sphinx documentation: - .readthedocs.yaml for RTD builds with Rust toolchain - docs/requirements.txt for documentation dependencies Add tutorial documentation: - tutorials/index.rst: Tutorial landing page - tutorials/concepts.rst: Allelic imbalance concepts - tutorials/basic_workflow.rst: Step-by-step workflow guide - tutorials/rnaseq_ase.rst: RNA-seq ASE analysis tutorial - tutorials/atacseq_ase.rst: ATAC-seq analysis tutorial - tutorials/single_cell.rst: Single-cell analysis tutorial Add CLI reference documentation: - cli/index.rst: CLI overview and navigation - cli/wasp2_count.rst: Count module commands - cli/wasp2_map.rst: Mapping module commands - cli/wasp2_analyze.rst: Analysis module commands Add data format documentation: - data_formats/index.rst: Format overview - data_formats/input_formats.rst: BAM, VCF, BED specs - data_formats/output_formats.rst: TSV, h5ad output specs Add reference documentation: - faq.rst: 15+ common questions with solutions - troubleshooting.rst: Error messages and diagnostics - api/io.rst: I/O module API documentation Enhance existing documentation: - index.rst: Add feature badges, comparison table, citation - conf.py: Configure pydata-sphinx-theme, autodoc settings Fix docstring formatting for Sphinx compatibility: - variant_source.py: Fix Example blocks - run_mapping.py: Fix Returns/Example blocks Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
…14) (#25) * feat: polish CLI with unified entry point and Rich formatting - Add unified `wasp2` CLI entry point that composes all subcommands (count, analyze, map) using Typer's add_typer() pattern - Add --version/-V flag to all CLI apps displaying version info - Enable Rich markup mode for colored and styled help text - Add descriptive help text and docstrings for all commands - Update bin/WASP2 to use the new unified CLI module - Register `wasp2` as main entry point in pyproject.toml The CLI now provides: - wasp2 --version: Show version in Rich panel format - wasp2 count: Allele counting commands - wasp2 analyze: Allelic imbalance analysis commands - wasp2 map: WASP mapping bias correction commands - Consistent --help formatting across all subcommands Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat: complete CLI polish with Rich formatting (closes #14) --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Add comprehensive security scanning for Python and Rust dependencies: - Add .github/workflows/security.yml with: - pip-audit for Python dependency vulnerability scanning - cargo-audit for Rust dependency vulnerability scanning - GitHub Dependency Review for PR-level vulnerability checks - CodeQL analysis for code-level security scanning - Weekly scheduled scans and on-demand workflow dispatch - Artifact uploads with proper error handling - Add .github/dependabot.yml with: - Automated Python (pip) dependency updates - Automated Rust (cargo) dependency updates - Automated GitHub Actions version updates - Grouped minor/patch updates to reduce PR noise Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
Collaborator
Author
|
Moving to Jaureguy760/WASP2-exp |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Changes
.github/workflows/security.yml- Security scanning workflow (123 lines).github/dependabot.yml- Automated dependency updates (51 lines)Test plan
🤖 Generated with Claude Code